Foundational Principles

Proactive, not Reactive; Preventative not Remedial: The goal of privacy by design is to take preventative action by implementing measures to reduce the risk of privacy infractions.[198]

Privacy as the Default Setting: The default setting for all products and services should be to protect personal information so that an individual’s privacy is automatically protected without any action being required by the individual.[199]

Privacy Embedded into Design: The protection of personal information should be an integral part of information systems and business practices; it should not be an add?on.[200]

Full Functionality – Positive-Sum, not Zero-Sum: Privacy by design should be considered a benefit; there should be no trade?offs with other features to achieve this goal.[201]

End-to-End Security – Full Lifecycle Protection: The protection of personal information must extend throughout the system’s entire lifecycle.[202]

Visibility and Transparency – Keep it Open: Transparency is important to ensure that systems and practices are truly able to protect user privacy; independent verification must always be possible.[203]